Implement NIVC Coprocessors. #677
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
porcuquine
force-pushed
the
nivc-coprocessors
branch
from
f75ec09
to
838d4c5
Compare
|
CI failure should (🤞 ) be fixed once lurk-lab/arecibo#50 merges — though CI will need to be re-triggered to notice. |
porcuquine
force-pushed
the
nivc-coprocessors
branch
3 times, most recently
from
a0b1024
to
2312def
Compare
|
#678 implements some simplifications in |
This was referenced Sep 18, 2023
arthurpaulino
previously approved these changes
Sep 18, 2023
Closed
porcuquine
force-pushed
the
nivc-coprocessors
branch
from
97538a3
to
cdcd48a
Compare
|
Ideally, someone could work on #683 before we merge this PR. |
|
Meanwhile, here's the outcome of running the |
arthurpaulino
previously approved these changes
Sep 18, 2023
Closed
arthurpaulino
force-pushed
the
nivc-coprocessors
branch
from
8e5677a
to
00ad4d1
Compare
arthurpaulino
force-pushed
the
nivc-coprocessors
branch
from
00ad4d1
to
b4aeb4d
Compare
mpenciak
approved these changes
Sep 19, 2023
emmorais
approved these changes
Sep 19, 2023
arthurpaulino
approved these changes
Sep 19, 2023
huitseeker
approved these changes
Sep 19, 2023
Comment on lines
+125
to
+127
| // we need this count, even though folding_config contains reduction_count | ||
| // because it might be overridden in the case of a coprocoessor, which should have rc=1. | ||
| // This is not ideal and might not *actually* be needed. |
| let mut bytes = hasher.finalize(); | ||
| bytes.reverse(); | ||
| let l = bytes.len(); | ||
| // Discard the two most significant bits. |
There was a problem hiding this comment.
We may want to leave a TODO & an issue here, as this will need revisiting when we are dealing with a different field.
Throughout the code base, unless I missed it, we probably want to write a map-to-field that's a tad more rigorous and systematic (i.e. works through modular reduction when we don't care about collision, sensible truncation valid for any field passed as parameter when we do).
There was a problem hiding this comment.
Although you make a reasonable point, I don't think it's especially relevant here in particular. Here sha256 is just being used as an 'expensive circuit', and the example itself doesn't pretend to be meaningful in any way. I do agree that a toolkit and strategies for writing applications that may want to do 'strange things' might be useful. However, I don't think it's core either to Lurk or to this NIVC coprocessors example.
There was a problem hiding this comment.
True, not essential for the sake of this particular example.
Comment on lines
+204
to
+210
| // println!("Verifying proof..."); | ||
|
|
||
| // let verify_start = Instant::now(); | ||
| // let res = proof.verify(claim, &z0, &zi).unwrap(); | ||
| // let verify_end = verify_start.elapsed(); | ||
|
|
||
| // println!("Verify took {:?}", verify_end); |
There was a problem hiding this comment.
Yep, it would be really great to have this as well.
There was a problem hiding this comment.
Yes, it would. It's not entirely obvious what the right interface for this will be. Whereas a Nova RecursiveSnark contains the z_i needed to verify itself, a SuperNova RecursiveSnark does not. It needs to also be provided with a RunningClaim. In order to provide an interface as much like Nova's as possible, it may be necessary to refactor SuperNova in arecibo. @mpenciak is looking into this. I'll create an issue to track this understanding, and if we end up deciding to hack around it in Lurk, we can. For now, I assume the right thing is to reshape the upstream interfaces.
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 20, 2023
That PR was on auto-merge.
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 20, 2023
That PR was on auto-merge.
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 20, 2023
That PR was on auto-merge.
This was referenced Sep 20, 2023
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
to huitseeker/lurk-rs
that referenced
this pull request
Sep 27, 2023
- uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see lurk-lab#629 (and its history, incl. lurk-lab#642, lurk-lab#707) and lurk-lab#677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly,
huitseeker
added a commit
that referenced
this pull request
Sep 28, 2023
* feat: Introduce MultiFrame trait Mutability leftovers (see #680) - Updated benchmarking scripts to no longer mutate the `store` variable during evaluation frames retrieval. - Reformed `get_evaluation_frames` method across several files to use immutable references to `store` instead of mutable references. Multiframe definition - Introduced several new traits - `CEKState`, `FrameLike`, `EvaluationStore` and `MultiFrameTrait` to manage complex evaluation and circuit proof operations in the `proof/mod.rs` file. - Detailed implementations of the above traits introduced in `circuit/circuit_frame.rs`, providing methods for handling evaluation frames, synthesizing data from multiple frames and more. * refactor: make nova proofs use the generic trait - uses the generic MultiFrame trait introduced in the prior commit to generically prove using nova, - For references on the latest work defining this trait, see #629 (and its history, incl. #642, #707) and #677. - make the benches use the generic trait, so LEM can bench similarly, - make the examples use the generic trait, so LEM can example similarly, - make Supernova use the generic trait, so LEM can NIVC similarly, * use a type alias to simplify test calls --------- Co-authored-by: Arthur Paulino <arthurleonardo.ap@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses #637, though some details differ from the precise plan described there.
The current approach demonstrates that we can indeed use a coprocessor defined for IVC and the existing framework, then deploy it to NIVC via a new SuperNova prover type. Because the underlying backend is incomplete and its interfaces not quite worked out, this leaves some gaps. We need to fill in those gaps and massage the result to make switching between NIVC and IVC as smooth as possible, but we should not try to do all that now. Rather, we should incorporate the current work quickly then focus on incremental improvements. I will itemize some of these in a separate issue.
The code here is quite focused and does little more than is strictly required to make this work. The main change that needs to be noted is that in order to keep each coprocessor circuit simple, I made a slight change to the coprocessor contract. Previously, the coprocessor circuit was nestled into reduction such that it could return its evaluated argument directly to the
ApplyContinuationphase. However, this does not allow for clean division of circuits.Now coprocessors return an unevaluated argument and a tail continuation. This is conceptually simple, but does increase the cycle count, as well as the size of each coprocessor circuit. Although not optimal, this has the benefit of being understandable and simple enough to fully implement in a way that yields a consistent design.
Alternative approaches to improving this situation can be considered in a separate issue.